EXPLAIN: GNU/Linux File Permissions.
Every file and directory on a GNU/Linux machine has a set of permissions attached to it. This is to ensure that only the users and applications that are supposed to access a file can do so. GNU/Linux was built from the ground up as a multi-user system and these permissions are part of ensuring a multi-user networked system is secure and stable.
Every now and again, though, a file's permissions need to be tweaked for one reason or another. How do you do that?
This topic is so boring that I thought it might be easier to stomach if I recorded it. So I did, in OGG format. I pretty much refuse to support MP3 when I don’t have to. If you’re absolutely dying for an MP3 let me know and I’ll cut one for you.
Otherwise, here’s the OGG file.
In case you’re a text person though, here’s the quick and dirty low-down. Open up a terminal window and type ls -l. This will present the long directory list of each file in the directory you’re in. I don’t know what files you have, so we’re going to use this one:
-rwxr-xr-x 1 root root 65244 Sep 13 12:53 wlancfg
The only thing we care about is the -rwxr-xr-x part. There are ten positions here.
Position 1 is usually either a hyphen (-), the letter d, or the letter l. There are more possibilities, but those are the most common three:
- l means that the file is a link
- - means that the file is a file
- d means that the file is a directory
The remaining nine positions are best considered as three groups of three: rwx | r-x | r-x
The first group shows the owner’s (in this case the user root) permissions for that file. The second group shows the permissions that other members of the owner’s group have (in this case the root group). The last group shows the permissions that everyone else in the world has. NOTE: This is everyone else but the owner and the owner’s group.
So, the owner (root) can read, write, and execute this file.
Other members of the root group can read and execute this file; they cannot write it.
Everyone else on the planet can read and execute this file as well; they cannot write it.
So how to add a permission?
Consider the line:
chmod g+w wlancfg
The command chmod is used to change modes. g+w means “Group add Write” and wlancfg is the file name. Therefore, this line reads: “add the ability to write to this file to any user who is in the root group” (the same group as the file’s owner). The net permissions that anyone in the root group will have are read, write, and execute, because read and execute were already assigned.
To remove a permission, use the minus sign:
chmod u-w wlancfg will remove the write permission from the user (owner). Root will no longer be able to modify this file.
To set a specific string of permissions, you can use the equals (=) sign:
chmod o=rwx wlancfg will set the file to allow anyone except the file owner and other users in the owner’s group to read, write, and execute the file.
Numbers can also be used to set file permissions. The execute bit has a value of 1, the write bit has a value of 2 and the read bit has a value of 4. Consider:
chmod 777 wlancfg - the user, group, and other all have read (4), write (2), and execute (1) permissions on the file: 4+2+1=7.
chmod 644 wlancfg - the user has read and write, but the group and other only have read.
chmod 741 wlancfg - the user has read, write, and execute, the group only has read, and other only has execute.
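The shell script below is an added example, not part of the original entry. It converts the ten-character string from ls -l into the numeric form described above, then replays each chmod command from this entry on a scratch file that starts at -rwxr-xr-x like wlancfg. The function names (perm_to_octal, mode_after, is_world_writable) are made up for this illustration, and mktemp is assumed to be available.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the original post.

# perm_to_octal "-rwxr-xr-x" prints 755. Position 1 (the file type) is skipped.
# Strings that use s, S, t or T (setuid, setgid, sticky bit) are rejected,
# because the post leaves those bits for another entry.
perm_to_octal() {
    perms=${1#?}
    [ "${#perms}" -eq 9 ] || return 1
    octal=""
    for who in user group other; do
        rest=${perms#???}          # everything after the first three characters
        triad=${perms%"$rest"}     # the first three characters themselves
        perms=$rest
        case $triad in [r-][w-][x-]) ;; *) return 1 ;; esac
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac   # read    = 4
        case $triad in ?w?) digit=$((digit + 2)) ;; esac   # write   = 2
        case $triad in ??x) digit=$((digit + 1)) ;; esac   # execute = 1
        octal=$octal$digit
    done
    printf '%s\n' "$octal"
}

# mode_after MODE: create a scratch file at 755, apply one chmod argument from
# the post, and print the ten permission characters that ls -l then reports.
mode_after() {
    scratch=$(mktemp) || return 1
    chmod 755 "$scratch" && chmod "$1" "$scratch"
    ls -ld "$scratch" | cut -c1-10
    rm -f "$scratch"
}

# is_world_writable 757 succeeds when the "other" digit includes write (2).
is_world_writable() {
    case $1 in ??[2367]) return 0 ;; *) return 1 ;; esac
}

# Replay every chmod command used in the post.
for mode in g+w u-w o=rwx 777 644 741; do
    after=$(mode_after "$mode")
    octal=$(perm_to_octal "$after")
    note=""
    is_world_writable "$octal" && note="  <- writable by everyone"
    printf 'chmod %-5s wlancfg: %s = %s%s\n' "$mode" "$after" "$octal" "$note"
done
```

The flagged lines (o=rwx and 777) are the ones to look for when reviewing permissions, since they let any account on the machine change the file.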
There are three other topics that usually come up when talking about file permissions: setuid (or suid), setgid, and the sticky bit. These will be the subject of another entry.
1 opinion for EXPLAIN: GNU/Linux File Permissions.
Yordan Georgiev
Aug 5, 2007 at 12:43 pm
Short, but extremely well explained!!!
Thanks